Constants
// Configuration keys for the OpenID identity provider, together with the
// environment variables that override each of them (LookupConfig reads the
// key/value set first and then lets a set environment variable win).
const (
	// Keys as they appear in the server configuration.
	ConfigURL   = "config_url"
	JwksURL     = "jwks_url"
	ClientID    = "client_id"
	ClaimName   = "claim_name"
	ClaimPrefix = "claim_prefix"
	Scopes      = "scopes"

	// Environment overrides; each maps 1:1 onto the key above with the same
	// suffix (CONFIG_URL -> config_url, JWKS_URL -> jwks_url, ...).
	EnvIdentityOpenIDURL         = "MINIO_IDENTITY_OPENID_CONFIG_URL"
	EnvIdentityOpenIDJWKSURL     = "MINIO_IDENTITY_OPENID_JWKS_URL"
	EnvIdentityOpenIDClientID    = "MINIO_IDENTITY_OPENID_CLIENT_ID"
	EnvIdentityOpenIDClaimName   = "MINIO_IDENTITY_OPENID_CLAIM_NAME"
	EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
	EnvIdentityOpenIDScopes      = "MINIO_IDENTITY_OPENID_SCOPES"
)
Configuration keys and environment variables for the OpenID identity provider; when an environment variable is set it overrides the corresponding configuration key.
// EnvIamJwksURL is the legacy environment variable that carried the JWKS
// URL before the MINIO_IDENTITY_OPENID_* names existed. It is only read so
// that older deployments can be migrated; new configuration should use
// EnvIdentityOpenIDJWKSURL (or, preferably, the discovery document).
const EnvIamJwksURL = "MINIO_IAM_JWKS_URL"
Legacy environment variables, retained so that older deployments can be migrated to the current configuration keys.
Variables
// ECDSA signing-method instances registered under the non-standard names
// "ES3256", "ES3384" and "ES3512". The init that fills them in is not in
// view; judging by the names they are presumably SHA-3 counterparts of the
// standard ES256/ES384/ES512 methods — confirm against the registration
// code before accepting tokens that use them, since a verifier must only
// honour algorithm names it explicitly registered.
var SigningMethodES3256 *jwt.SigningMethodECDSA

var SigningMethodES3384 *jwt.SigningMethodECDSA

var SigningMethodES3512 *jwt.SigningMethodECDSA
ECDSA signing-method instances for the non-standard ES3256/ES3384/ES3512 algorithm names (by their names, SHA-3 variants of ES256 and company; the code that populates them is not shown here).
// RSA signing-method instances registered under the non-standard names
// "RS3256", "RS3384" and "RS3512". As with the ES3xxx instances above, the
// init that populates them is not in view; they are presumably SHA-3
// counterparts of RS256/RS384/RS512 — confirm against the registration
// code. Only algorithms explicitly registered here should ever be accepted
// from a token header.
var SigningMethodRS3256 *jwt.SigningMethodRSA

var SigningMethodRS3384 *jwt.SigningMethodRSA

var SigningMethodRS3512 *jwt.SigningMethodRSA
RSA signing-method instances for the non-standard RS3256/RS3384/RS3512 algorithm names (by their names, SHA-3 variants of RS256 and company; the code that populates them is not shown here).
// DefaultKVS is the default key/value set for the OpenID configuration.
// Every value is empty — meaning "not configured" — except claim_name,
// which defaults to the IAM policy claim so that tokens carrying that claim
// map onto a canned policy without further setup. Entry order is kept as
// the rest of the config machinery expects it.
var DefaultKVS = config.KVS{
	config.KV{Key: ConfigURL, Value: ""},
	config.KV{Key: ClientID, Value: ""},
	config.KV{Key: ClaimName, Value: iampolicy.PolicyName},
	config.KV{Key: ClaimPrefix, Value: ""},
	config.KV{Key: Scopes, Value: ""},
	// NOTE(review): jwks_url has a default here but no Help entry below;
	// presumably it is superseded by config_url (discovery) — confirm that
	// is intentional rather than an omission.
	config.KV{Key: JwksURL, Value: ""},
}
DefaultKVS - default key/value set for the OpenID configuration; every key is empty except claim_name, which defaults to the IAM policy claim name.
// ErrTokenExpired is the sentinel error for a token whose validity period
// has elapsed. Compare with errors.Is so that wrapped errors still match.
var ErrTokenExpired = errors.New("token expired")
ErrTokenExpired - sentinel error returned for a token whose validity period has elapsed.
// Help is the help template for the OpenID identity feature, one entry per
// configurable key in the order the CLI/help output shows them.
//
// NOTE(review): client_id is marked optional. If it is left empty the
// validator presumably cannot enforce an audience ("aud") check on incoming
// tokens, so any token signed by the provider would be accepted regardless
// of which application it was issued to — confirm in the validator and
// consider documenting that here.
var Help = config.HelpKVS{
	config.HelpKV{
		Key:         ConfigURL,
		Type:        "url",
		Description: `openid discovery document e.g. "https://accounts.google.com/.well-known/openid-configuration"`,
	},
	config.HelpKV{
		Key:         ClientID,
		Type:        "string",
		Optional:    true,
		Description: `unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"`,
	},
	config.HelpKV{
		Key:         ClaimName,
		Type:        "string",
		Optional:    true,
		Description: `JWT canned policy claim name, defaults to "policy"`,
	},
	config.HelpKV{
		Key:         ClaimPrefix,
		Type:        "string",
		Optional:    true,
		Description: `JWT claim namespace prefix e.g. "customer1/"`,
	},
	config.HelpKV{
		Key:         Scopes,
		Type:        "csv",
		Optional:    true,
		Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`,
	},
	config.HelpKV{
		Key:         config.Comment,
		Type:        "sentence",
		Optional:    true,
		Description: config.DefaultComment,
	},
}
Help template for OpenID identity feature.
Functions
func GetDefaultExpiration ¶
GetDefaultExpiration - returns the expected token expiration, in seconds.
func SetIdentityOpenID ¶
SetIdentityOpenID - one-time migration helper that converts an older OpenID configuration layout to the current OpenIDConfig format.
Types
type Config ¶
// Config - OpenID provider configuration used to validate incoming JWTs:
// where the signing keys live, the discovery document, how policy claims
// are mapped, and the client identifier.
type Config struct {
	// JWKS.URL - location of the JSON Web Key Set whose public keys verify
	// token signatures. This document is the trust root for every token
	// this provider accepts, so it should be served by the identity
	// provider over HTTPS; a plaintext or attacker-controlled URL lets an
	// attacker substitute keys and mint valid tokens.
	JWKS struct {
		URL *xnet.URL `json:"url"`
	} `json:"jwks"`
	// URL - the OpenID discovery document (.well-known/openid-configuration).
	URL *xnet.URL `json:"url,omitempty"`
	// ClaimPrefix - namespace prefix applied to the policy claim name.
	ClaimPrefix string `json:"claimPrefix,omitempty"`
	// ClaimName - JWT claim that carries the canned policy name.
	ClaimName string `json:"claimName,omitempty"`
	// DiscoveryDoc - parsed contents of the discovery document at URL.
	DiscoveryDoc DiscoveryDoc
	// ClientID - public OAuth2 client identifier. NOTE(review): presumably
	// the expected "aud" of incoming tokens; the validator is not in view,
	// so confirm an audience check is performed when this is set.
	ClientID string
	// contains filtered or unexported fields
}
Config - OpenID identity-provider configuration (JWKS location, discovery document, claim mapping and client ID) used to validate incoming JWTs; signing-method instances are declared above for both RSA and ECDSA, not RSA alone.
func LookupConfig ¶
func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (c Config, err error)
LookupConfig - builds a Config from the supplied key/value set, with any matching environment variables taking precedence; the transport and closeRespFn are presumably used for fetching the discovery document and JWKS.
func (*Config) PopulatePublicKey ¶
PopulatePublicKey - fetches the JWKS document from the configured JWKS URL and loads its public keys for token verification. Because these keys are the trust root for every accepted token, the URL should point at the identity provider over HTTPS.
func (*Config) UnmarshalJSON ¶
UnmarshalJSON - decodes a JSON-encoded Config, implementing json.Unmarshaler.
type DiscoveryDoc ¶
// DiscoveryDoc - the parsed OpenID provider metadata (openid-configuration
// document), for example
// https://accounts.google.com/.well-known/openid-configuration.
// The JSON tags are the OpenID Connect Discovery member names.
//
// NOTE(review): Issuer and JwksURI are the security-relevant members. The
// issuer should match the "iss" claim of accepted tokens, and the keys at
// JwksURI become the trust root for signature verification, so this
// document must only be fetched over TLS from the configured URL. The code
// that consumes these fields is not in view — confirm both points.
type DiscoveryDoc struct {
	// Issuer - identifier the provider places in the "iss" claim.
	Issuer string `json:"issuer,omitempty"`
	// AuthEndpoint - OAuth2 authorization endpoint.
	AuthEndpoint string `json:"authorization_endpoint,omitempty"`
	// TokenEndpoint - OAuth2 token endpoint.
	TokenEndpoint string `json:"token_endpoint,omitempty"`
	// UserInfoEndpoint - OpenID userinfo endpoint.
	UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
	// RevocationEndpoint - token revocation endpoint.
	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
	// JwksURI - location of the provider's JSON Web Key Set.
	JwksURI string `json:"jwks_uri,omitempty"`
	// ResponseTypesSupported - OAuth2 response_type values the provider supports.
	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
	// SubjectTypesSupported - subject identifier types the provider supports.
	SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
	// IDTokenSigningAlgValuesSupported - JWS algorithms the provider may use
	// to sign ID tokens; a verifier should still only accept algorithms it
	// has itself registered.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
	// ScopesSupported - scopes advertised by the provider (used as the
	// default when the "scopes" key is not configured).
	ScopesSupported []string `json:"scopes_supported,omitempty"`
	// TokenEndpointAuthMethods - client authentication methods at the token endpoint.
	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	// ClaimsSupported - claim names the provider may return.
	ClaimsSupported []string `json:"claims_supported,omitempty"`
	// CodeChallengeMethodsSupported - PKCE code challenge methods supported.
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
}
DiscoveryDoc - the parsed OpenID discovery document (openid-configuration), for example https://accounts.google.com/.well-known/openid-configuration.
type JWKS ¶
// JWKS - a JSON Web Key Set, or a single key within one. At the top level
// only Keys is populated; each entry in Keys describes one key using the
// JWK members below (which of them are meaningful depends on Kty).
//
// NOTE(review): a JWKS served by an identity provider is public material.
// The D and K members carry private/secret key bytes and must never be
// present in a document fetched for signature verification; the
// PopulatePublicKey path that consumes this type is not in view, so confirm
// it rejects (or at least ignores) such entries rather than loading them.
type JWKS struct {
	// Keys - the "keys" array of a top-level JWKS document.
	Keys []*JWKS `json:"keys,omitempty"`
	// Kty - key type (JWK "kty"), e.g. which of the RSA/EC/symmetric
	// members below are relevant.
	Kty string `json:"kty"`
	// Use - intended use of the key (JWK "use").
	Use string `json:"use,omitempty"`
	// Kid - key identifier (JWK "kid"), intended to match the "kid" a token
	// carries in its header so the verifier can pick the right key.
	Kid string `json:"kid,omitempty"`
	// Alg - algorithm the key is meant for (JWK "alg"). The algorithm used
	// for verification should be pinned to the key, never taken from the
	// token header alone (algorithm-confusion attacks).
	Alg string `json:"alg,omitempty"`
	// Crv, X, Y - EC curve name and public point coordinates.
	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	// D - EC private scalar / RSA private exponent: private-key material
	// that has no place in a published key set.
	D string `json:"d,omitempty"`
	// N, E - RSA public modulus and exponent.
	N string `json:"n,omitempty"`
	E string `json:"e,omitempty"`
	// K - raw symmetric key bytes ("oct" keys): secret material. Anyone who
	// can read the JWKS could mint tokens with such a key.
	K string `json:"k,omitempty"`
}
type Validator ¶
// Validator - the contract every authentication provider implements.
type Validator interface {
	// Validate is the provider-specific check of a raw token string.
	// duration is the requested session duration, passed through as a
	// string (its format is not visible here). On success the returned map
	// presumably holds the verified claims (the concrete validators are not
	// in view — confirm). Callers must treat any non-nil error as a rejected
	// token and must not use the map in that case.
	Validate(token string, duration string) (map[string]interface{}, error)
	// ID returns the provider name of this provider.
	ID() ID
}
Validator - the basic contract every authentication provider implements: validate a token and report the provider's ID.
type Validators ¶
Validators - registry of providers, keyed by provider ID.
func (*Validators) Add ¶
func (list *Validators) Add(provider Validator) error
Add - registers a provider under its ID; the ID must be unique, and an error is returned otherwise.
func (*Validators) Get ¶
func (list *Validators) Get(id ID) (p Validator, err error)
Get - returns the provider registered under id, or an error if none is found.
func (*Validators) List ¶
func (list *Validators) List() []ID
List - returns available provider IDs.